tasklist.org
tasklist.org - process list
   
tasklist.org
A comprehensive list of processes running in your computer  
tasklist | attachlist  
total tasks: 16297  
AttachList is a list of email attachment files that viruses usually send in email. It contains the attached file names, typical subjects and messages, the name of the viruses that send them, and instruction on how to remove these viruses.
  search


  most requested






 
  Browse attachlist by file name:
|  a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
Name: W95.MTX

Sender:


Subject:


Message:


Attachment:


Comments: A virus that propagates by email and infects some Win32 executables inspecific folders. Also has the capability to block access to certain Websites.

Symptoms:


Recommended Cleanup Software: We found that Easy SpyRemover is the most effective tool for removing this file.

Manual Removal Instructions: You can use this method if the fix tool doesn't work.
This is a complex and difficult virus to remove. It alters system files, and on some computers these files cannot be repaired. In some cases, after attempting to repair the virus, you cannot start Windows until you restore the essential system files from the original Windows installation CD.
NOTE: Because this virus can not only disable Windows and executable files, but can also block access to certain Web sites, including Symantec Web sites, in some cases you must perform any needed downloads on an uninfected computer.
CAUTIONS:Windows 98 enables you to create a startup disk, which contains both system files and drivers that will work with most CD-ROM drives. Windows 95 does not. Before you start this procedure, it is strongly recommended that you create or obtain a Windows 98 Startup disk. This can be used to start a Windows 95 or a Windows 98 computer. If you do not create this disk first, and the first part of the removal procedure does not work on your computer, then you may not be able to restore some Windows files if this is needed.This virus should be detected and removed by following the instructions that follow. The mere presence of files that begin with the letters "mtx" or have the .mtx extension is not an indication of infection. For example, the files mtxdm.dll, mtxoci.dll, twain*.mtx, and twunk*.mtx are all legitimate Windows program files.
NOTES:Due to the nature of this virus, some files will not be repairable. The unrepairable files will need to be restored from clean backup copies, or from the original distribution disks.To remove this threat you must carefully watch Norton AntiVirus (NAV) during the detection process. The files infected by the virus portion of W95.MTX should be detected as W95.MTX and W95.MTX (.dll). Any files that are detected as being infected with either W95.MTX or W95.MTX (.dll) should be repairable.Files that are part of the Trojan and worm part of the infection should be detected as W95.MTX.dr. Any files detected as being infected with W95.MTX.dr must be removed.It is important to make the distinction between the virus and the worm components, because the virus part of W95.MTX can infect Windows system files, and if you delete system files, then you might damage Windows.
To repair the damage done by this virus, follow the instructions in each section.
Create or obtain a Startup disk
Ensure that you have the most recent virus definitions
Restart the computer to a command prompt
Delete the infected files
Type each of the following commands, pressing Enter after each one:
cd \windows
set path=c:\windows\command
attrib -r -s -h *.*
del ie_pack.exe
del win32.dll
del mtx_.exe
del wininit.ini
NOTE: If you see "File not found" after entering any of the commands, then verify that the command was typed exactly as shown.
Type dir /s /b \navdx.exe and then press Enter. This displays the path to the Norton AntiVirus DOS scanner. If NAV is installed to a different drive, then change to the root of that drive first.
Change to the folder where Navdx.exe is installed.Type one of the following commands, and then press Enter:
CAUTION: This could take several hours or more on some computers. Do not attempt to stop the scan once it has started.
NOTE: The DOS-based scanner can perform one of the following actions when it detects a virus:
To be prompted for any file that is detected as infected, type the following, and then press Enter:
navdx /a /doallfiles /prompt
You must press R)epair, D)elete, or C)ontinue for each infected file. If you choose this option, and NAV cannot repair an infected file, then you will see the message "Unable to repair the file" followed by the same three choices. In most cases you should then choose D)elete, unless you are sure that the file is not actually infected.
To delete any file that is detected as infected, type the following, and then press Enter:
navdx /a /doallfiles /delete
The disadvantage to this is that files that could be repaired will be deleted.
To repair any file that is detected as infected, type the following, and then press Enter:
navdx /a /doallfiles /repair
CAUTION: If NAV cannot repair a file and you choose this option, then the file will be skipped. This means that infected files will still be on your system. If you choose this option, then you must run Navdx again, this time using the /delete switch, as shown in the previous example.
Extract new copies of the Wsock32.dll, Explorer.exe, and Rundll32.exe files
Edit the registry
CAUTION: We strongly recommend that you back up the system registry before making any changes to it. Incorrect changes to the registry may result in permanent data loss or corrupted files. Please make sure that you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.
Remove the floppy disk from the floppy disk drive.If you extracted the files from the Installation CD, then remove the CD from the CD-ROM drive.
Turn off the computer, and then wait thirty seconds.
Turn on the computer, and allow Windows to start.
NOTE: It is normal at this point for error messages to appear. They will refer to the virus files with messages, such as "Windows cannot find...." Ignore these messages. They are the result of the remaining entries in the Windows registry that you will remove next. They do not indicate that the computer is still infected.
Click Start, and then click Run. The Run dialog box appears.
Type regedit and then click OK. The Registry Editor opens.
Navigate to and select the following subkey:
HKey_Local_Machine\Software\[Matrix]
Press Delete, and then click Yes to confirm.
Navigate to and select the following subkey:
HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
Delete the following value in the right pane:
SystemBackup C:\WINDOWS\MTX_.EXE
Click Yes to confirm.
In the left pane, click the My Computer key.
Click the Edit menu, and then click Find.
In the Find what box, type mtx and then click Find Next.
What you do next depends on whether any entries are found.
If no entries are found that contain the string mtx, then proceed to the next step.
If any entries are found that refer to Mtx_.exe, then you should delete them. Because this is a string search, it could find entries for legitimate programs that happen to contain thisstring. Make sure that the references is to Mtx_.exe before you delete it. To continue the search if an entry is found, press F3. Keep doing this until no more entries are found.
Perform another find operation, but this time search for [MATRIX]. Delete any entries that are found.
Click the Registry menu, and then click Exit to save the changes and close the Registry Editor.
Restart the computer.
© Copyright 2004, TaskList.org. All rights reserved. Portions copyright by Paul Collins (Pacs Portal). Disclaimer. Links